Re: [Serusers] Fwd: Re: AW: AW: [Sipping] FYI: RADIUS & SIP

On (07.08.03 19:47), Jiri Kuthan wrote: RADIUS is a well known AAA protocol, which even the smallest ISP and even midsized SME's use to authenticate e.g. their teleworking staff. The credentials handed out to users are an enormously valueable asset, as rolling out new credentails usually involved great efforts in terms of administration. So, for integration of the new service "SIP" into existing communities (as like as ISPs, Universities and probably enterprises), plugging into existing RADIUS infrastructure is essentially a very easy task. Which, in turn, makes it a very attractive option to increase your user's population from 0 to several thousands existing accounts in one simple step. What i'm missing a bit is work on interoperable RADIUS (vendor) attribute definitions e.g. for SIP-Aliases (what i'm working on right now), Remote-Party-ID (or related type of information, considering the state of the sterman-draft), service Classes of SIP users, etc. In terms of reliability: Accounting records are being retransmitted as long as they are not ACK'ed, so the only way of loosing accounting records (besides misconfiguration, of course) is to reboot the RADIUS client (which would make it loose it's current sessions). Intermediate accounting records may remedy that a bit, because one only looses the difference between the last intermediate accounting record and the missed STOP record). Proper Client implementations change server to a backup RADIUS is server if the first one does not respond. But: RADIUS is usually used as the main session accounting technique at major ISP's (where missing reliability leads to direct loss of money and therefore management attention ;), so if it was not reliable enough for that job, it would already have been improved or kicked out of the window. cheers axelm